cancel
Showing results for 
Search instead for 
Did you mean: 

Basic CIM questions

I've been reading some of the other posts here on the forum regarding CIM but still have some questions:

 

1) Am I correct in thinking that I should have only one CustomerProfile for each for each of my customers?  Does the authorize.net system prevent me from using a single merchantCustomerID more than once?  There was a post on here that referred to a duplicate profile error returned by the authorize.net API but I have seen no information to tell me under what circumstances that would occur.

 

2) Is a credit card or bank account number required when creating a CustomerProfile? The CIM documentation neglects to explicitly specify if this information is required, optional, or conditional.

 

3) Is it possible to look up an authorize.net customer profile using merchantCustomerId?  Looking at GetCustomerProfile, this does not appear to the case.

 

4) While I find the PDF documentation for CIM linked here to be pretty useful, it is pretty narrowly focused on the inputs and outputs of the API.  Is there a more general source of documentation to show the ins and outs of CIM -- perhaps an overview or tutorial-based documentation?

 

5) What is the difference between SOAP and XML guides?  If I'm using the PHP code provided by authorize.net, do I even care?  From what I can tell, there is no way for me to specify whether I use SOAP or XML.

 

6) Where does one specify the web service location when setting up one's PHP code?  The documentation refers to Production, Test, and WSDL variants without describing why one would choose one or the other.  Additionally, all urls contain 'soap' in them, suggesting they might be inappropriate for an XML implementation.

 

7) In some of the AIM code examples, I see definition of such constants as AUTHORIZENET_API_LOGIN_ID,  AUTHORIZENET_TRANSACTION_KEY, and AUTHORIZENET_SANDBOX.  Is defining these in one's own code the proper approach to configuring the authorize.net PHP code?  Are there other such constants?  Where is this configuration documented?  

sneakyimp
Contributor
19 REPLIES 19

OK I finally have some transactions happening.  Lots of trial and erorr involved.

 

The problem I'm having now is that a comma is a really poor choice for delimiter -- or there's something wrong with the gateway's response.

 

I see that a CIM response ALWAYS constructs a response using a comma as a delimiter:

 

class AuthorizeNetCIM_Response extends AuthorizeNetXMLResponse
{
    /**
     * @return AuthorizeNetAIM_Response
     */
    public function getTransactionResponse()
    {

        // NOTE THE SECOND PARAMETER IS A COMMA
        return new AuthorizeNetAIM_Response($this->_getElementContents("directResponse"), ",", "", array());
    }
...

}

 

It's my understanding that one must tell the gateway with the outgoing request what delimiter to use so that when the response arrives, it is using the correct delimiters.  Is there some way to specify this using the PHP api?  As we see i the code sample above, the comma appears to be hard-wired for parsing CIM transaction results.

I think the results come back as XML, and you should be able to access the parsed XML rather than going through the functions. directResponse is only one of the returned elements. Try doing a print_r() and exploring the structure.

 

EDIT: And yes, you can go into your control panel and change the delimiter with Settings -> Transaction Response Settings -> Direct Response, then edit the functions for the new delimiter. However, this may affect other API's as well, so keep that in mind.

I suspect I will need to modify the PHP library files in order to effectively get a non-comma delimiter working, which bums me out a bit.   I'll probably call tech support and let them know that someone should fix that.

 

I truly appreciate your generous assistance here.  I have another fairly critical question.  I see that the gateway can return a response_code of 'held' and I'm wondering how to deal with a response like this.  I'm guessing that this might result when I attempt a transaction pending some kind of approval, but I totally unsure how I am to be notified of the held funds being delivered/released at a later time.

 

Do I need to also configure some other page so that authorize.net might deliver asynchronous events to my system?  I.e., something like a silent post form or something? Does authorize.net support asynchronous payment events with this PHP library?

 

 

'

There is no specific functionality in the php SDK designed to let you change the delmiting character.  However, it is possible to pass the x_delim_char variable within the extraOptions tag which is exposed by the SDK.  In regards to your second question about asynchronous communication, this is not relevant to our CIM APIs.

I believe that passing any $extraOptions via the PHP SDK would likely cause a failure when your PHP library tries to parse any results from the gateway because your PHP code has no means by which you could change the expected delimiter. As you can see in my post from 3/28 above, the method getTransactionResponse of the class AuthorizeNetCIM_Response has a hard-coded reference to the comma as a delimiter.  This seems like a pretty simple fix and would be very nice to have as commas frequently appear on my data -- especially addresses.

 

As for the need for asynchronous notifications, I believe it IS relevant to your CIM APIS because I have instantiated an AuthorizeNETCIM object:

        $request = new AuthorizeNetCIM(AUTHORIZENET_API_LOGIN_ID, AUTHORIZENET_TRANSACTION_KEY);

 

I have used that CIM object to create a transaction with a CIM customerProfile and customerPaymentProfile:

            $response = $request->createCustomerProfileTransaction("AuthCapture", $transaction);

And when I extract the response of my CIM object:

$transactionResponse = $response->getTransactionResponse();

 

Then the response might yield a value of AuthorizeNetResponse::HELD.

 

If the result of this transaction is HELD, it is my guess that I will probably need to respond to some future event asynchronously, correct?

 

 

Transactions that are "held" require a manual review by the merchant within their Authorize.Net account.  There is no API notification whether these transactions are manually approved or declined at a later time.  It is up to the merchant to make any necessary modificaiton in thier order management system or shopping cart after they have determined what action to take on the order.

Thanks for the clarification, Trevor.

 

Another question.  When i try to create a Customer Profile and the gateway returns error type E00039:

 

A duplicate record with ID 1234567 already exists

 

Is it safe for me to parse that error and use the other ID?  Can anyone think of any reason why this might compromise security?  Also, is the format of this error likely to change?  If I plan to parse it and the text is changed, I could end up with the wrong id.

 

 

This is a bit of an interesting question.  Our general policy is not to make any guarantees about the precise text for responses, but obviously this response is unique.  My expectation is that this this error text will never change, but there is always a possibility that changes to the API make a change unavoidable.  I can tell you that we always try to avoid any changes to our existing API behavior and we announce changes in advance if they have a chance of breaking existing implementations.

 

With all of that being said, I cannot currently think of any reason that we would have a need to change this text.

I'm pleased to report that I've made progress and am testing my form.  I'm still wondering how to respond to circumstances where my locally stored profile data is in conflict with the information stored by the gateway.  IN particular, these:

 

1) Local data has no payment profiles stored for a user but gateway returns "E00039 A duplicate customer payment profile already exists." The gateway doesn't tell us what the profile id is so we can't delete it or fetch it or use it.

 

2) Local data has a customerProfileId stored which the gateway doesn't recognize.  I'm guessing I should wipe all of my customer profile data (and payment profile data) and try to re-create them but I'm worried about the duplicate profile and duplicate payment profile errors.

 

 

 

 

When a "duplicate customer payment profile" message is returned, the simplest action is to run a "getCustomerProfileRequest" to update the list of payment profiles that you have on file for the customer.  This should avoid any sync issues between your database and what is in Authorize.Net.